Benchmarking
Benchmarking generally refers to the process of ranking or scoring security against an established standard measure. Benchmarks can be absolute or cross-sectional.
This study examples the security practices of 45 web applications
, and finds that the most secure e-business applications have one-quarter as many security defects as the worst -- and eighty percent less risk.
Benchmarking Goodness Criteria Established by DBench Project
Comparative Application Security
The Security of Applications: Not All Are Created Equal (February 2002)
by Andrew JaquithThis study examples the security practices of 45 web applications
, and finds that the most secure e-business applications have one-quarter as many security defects as the worst -- and eighty percent less risk.
Benchmarking Goodness Criteria Established by DBench Project 
| Criterion | Meaning |
|---|---|
| Representativeness | how well inputs like workloads corresponds to real system characteristics |
| Repeatability | statistically equivalent results when run multilple times in the same environment |
| Reproducability | degree to which another party obtains statistically equivalent results when the benchmark is implemented from the same specifications |
| Portability | range of target systems to which benchmark specification applies to allow comparision |
| Non-Intrusiveness | requires minimum changes to target system and does not affect results |
| Scalability | ability to evaluate systems of different sizes |
| Time | time required to obtain the result |
| Cost | cost required to obtain result compared to value |
Contributed by Sami Saydjari
Security Metrics: the book
Welcome
Metricon 5
Mini MetriCon 4.5
MetriCon 4.0
Mini MetriCon 3.5
MetriCon 3.0
Mini MetriCon 2.5
MetriCon 2.0
MetriCon 1.0
Who We Are
News
Recent Changes
Aggregation
Benchmarking
Empirical Studies
Metrics Catalog Project
Metrics Definitions
Return on Investment
Security Modeling
Visualization
Page Info
My Prefs
Log in
This page (revision-9) last changed on
14:27 30-Jun-2006
by O. Sami Saydjari.
JSPWiki v2.4.1-cvs
![[RSS]](/content/images/xml.png "Aggregate the RSS feed of the entire wiki")